Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TorrentLocker Ransomware Cracked and Decrypter has been made


  • Please log in to reply
359 replies to this topic

#16 DiSTURBED_oNE

DiSTURBED_oNE

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:22 PM

Posted 16 September 2014 - 06:58 PM

Hey Nathan,

 

Thank you for your efforts.

I have tried two sets of files so far (both jpg) one set is just over 2 mb the other is around 5 mb.

I was able to get the unencrypted copy via Dropbox.

 

So far the keys generated using your tool have not successfully decrypted any test files.

I have the exact symptoms you describe so I am pretty sure its Torrentlocker.

 

Any ideas?

 

Thanks again for your work.



BC AdBot (Login to Remove)

 


#17 Nathan

Nathan

    DecrypterFixer

  • Topic Starter

  • Security Colleague
  • 1,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:09:22 PM

Posted 16 September 2014 - 07:03 PM

Yes, The idea is that because of the previous sites that wanted to share the glitch with the whole internet, the virus creator has now patched it. Which means newer infections from this variant will not be able to use my tool.

 

If anyone has the dropper or the EXE, please submit it to:

http://www.bleepingcomputer.com/submit-malware.php

 

And i will see if the fix can be updated.


Have you performed a routine backup today?

#18 DiSTURBED_oNE

DiSTURBED_oNE

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:22 PM

Posted 16 September 2014 - 08:53 PM

Just submitted the new variant.



#19 tjejojyj

tjejojyj

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:22 PM

Posted 17 September 2014 - 04:47 AM

Thanks.  This is great.   I've spent the past day searching the web and have finally found the answer.  

 

We have an infected machine that attacked some of the files on a server it had rights to.  

 

I'm about to do a clean install of the machine of the infected machine but I'm running the decrypter first to try to recover the 8,500 files in /My Documents/ files that weren't backed up.  (Server was okay).    The test didn't seem to work on small files (as was reported in posts above) but was okay in large test files.

 

My "newbie" questions are:

1. Should I delete the malware before I copy off the recovered files?  How do I do this?
2. I used a flashdrive to run the "decrypter" on the infected machine.  Should I be worried about the flashdrive being "infected"?  (I've heard malware doesn't replicate like viruses but I'd like to be sure).

 

Thanks in advance.  I'll send a donation shortly.

 



#20 RonGee98

RonGee98

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:22 PM

Posted 17 September 2014 - 01:42 PM

Hi,

  I am a recent Cryptowall vicitim, about 2 days ago.  I have no recent backups and it has infected 3 or our 5 PCs on our o.   I minimally tech saavy and have called a local tech person to help, but I figured I would get help from someone that knows the most about this horrible virus. Are there any decryption cures for the Cryptowall virus, I'd rather not pay since there is no guarantee of getting the software from them, but if I did decided to pay would it work on all of our PCs, they have mapped drives to each other or would I have to pay the fee for each one?   Let me know and what ever you can do to help would appreciated.

 

Thank you



#21 tjejojyj

tjejojyj

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:22 PM

Posted 17 September 2014 - 07:14 PM

Hi,

  I am a recent Cryptowall vicitim, about 2 days ago.  I have no recent backups and it has infected 3 or our 5 PCs on our o.   I minimally tech saavy and have called a local tech person to help, but I figured I would get help from someone that knows the most about this horrible virus. Are there any decryption cures for the Cryptowall virus, I'd rather not pay since there is no guarantee of getting the software from them, but if I did decided to pay would it work on all of our PCs, they have mapped drives to each other or would I have to pay the fee for each one?   Let me know and what ever you can do to help would appreciated.

 

Thank you

 

If the ransom demand is the same as the one shown on the first page of this thread then I can confirm the decrypter does work and is very easy to use.    Don't pay the ransom and get some help.  The main thing is you need to have an unencrypted version of one of the encrypted files.



#22 RonGee98

RonGee98

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:22 PM

Posted 17 September 2014 - 09:13 PM

 

Hi,

  I am a recent Cryptowall vicitim, about 2 days ago.  I have no recent backups and it has infected 3 or our 5 PCs on our o.   I minimally tech saavy and have called a local tech person to help, but I figured I would get help from someone that knows the most about this horrible virus. Are there any decryption cures for the Cryptowall virus, I'd rather not pay since there is no guarantee of getting the software from them, but if I did decided to pay would it work on all of our PCs, they have mapped drives to each other or would I have to pay the fee for each one?   Let me know and what ever you can do to help would appreciated.

 

Thank you

 

If the ransom demand is the same as the one shown on the first page of this thread then I can confirm the decrypter does work and is very easy to use.    Don't pay the ransom and get some help.  The main thing is you need to have an unencrypted version of one of the encrypted files.

 

My Demand ransom page is different it looks like the one on the CryptoWall support topic By Lawrence Abrams on July 10, 2014. Will it work for that one? If so I will try it.



#23 tjejojyj

tjejojyj

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:22 PM

Posted 17 September 2014 - 10:10 PM

Read the first post in this thread carefully.  The decrypter will only work for THIS VARIANT which is only calls itself "CryptoLocker" to scare people but is actually different.   I can't see the post you are referring to but I would guess it won't work.



#24 indyguru

indyguru

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:22 PM

Posted 17 September 2014 - 10:25 PM

Hi! I used the decrypter to successfully decrypt some files, although, my DECRYPT_INSTRUCTIONS.TXT says it's a cryptowall encryption. Here is my question as a look at decrypting the thousands of files that this ransomware has altered on my system: Do I need to change the filename on all of the files so it has the .encrypted extension? I've exported the registry key, so I can know what files I need to change back, but if I have to rename each and every one, then that would seem to take quite a bit of time! So, I'm wondering if I missed something in the instructions.

 

Thanks,

Tim.



#25 cannon_fodder

cannon_fodder

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:22 PM

Posted 18 September 2014 - 12:02 AM

Another victim here, although it appears we are infected by a modified variant, as the TorrentLocker decrypter isn't working for us. Have tried on a number of files over 2mb in size to no avail. 

 

Happy to send through any files if it helps. 



#26 indyguru

indyguru

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:22 PM

Posted 18 September 2014 - 12:46 PM

I have uploaded the possible file that unleashed the torrentlocker. The filename is ef6b2ff. Please let me know if this helps you!

 

Thanks for all your hard work!

 

Tim.



#27 CoastalData

CoastalData

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:22 PM

Posted 18 September 2014 - 02:27 PM

Hello, Looks like I've got an infected computer on my network, and some files on the server have been modified. Where's a link for how this infection works, and how to get rid of it?

 

Thanks!

 

--Jon



#28 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,168 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:22 PM

Posted 19 September 2014 - 11:14 AM

We have created a dedicated thread for TorrentLocker support and discussion here:

TorrentLocker Support and Discussion Thread (CryptoLocker copycat)

#29 Nathan

Nathan

    DecrypterFixer

  • Topic Starter

  • Security Colleague
  • 1,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:09:22 PM

Posted 25 September 2014 - 04:28 PM

If you have torrentlocker, please PM me or email me at Decryptorbit@outlook.com, or PM Grinler. We may now have a method to decrypt all files from any version of torrentlocker.

 

thanks.


Have you performed a routine backup today?

#30 yehyeh

yehyeh

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:22 PM

Posted 25 September 2014 - 07:08 PM

Hi,

 

One of my colleagues has got this on his computer. Used your software, it works with most files except word and excel.

 

Is there a solution to revive these files? and do I need to send a sample file for you to decrypt? hope I can get a reply.

 

Thanks






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users